PaulDotCom mailing list archives
Re: Jeremy Druin's Web App Pen-testing Videos (@webpwnized)
From: Xander Solis <xrsolis () gmail com>
Date: Mon, 19 Mar 2012 10:51:56 +0800
Awesome work Jeremy and Adrian. This will help a lot.

On Thu, Mar 15, 2012 at 1:05 AM, Adrian Crenshaw <irongeek () irongeek com> wrote:
I knew when my homie Jeremy Druin took over Mutillidae <http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10> that he was doing more work on it than I ever did, but I did not realize the number of videos and subjects he has covered with it! I hope the list below comes out ok in your email viewer. If not, here is the index: http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae

1. Determine Http Methods Using Netcat <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-http-methods-using-netcat>
2. Determine Server Banners Using Netcat Nikto And W3af <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#determine-server-banners-using-netcat-nikto-and-w3af>
3. Bypass Authentication Using SQL Injection <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#bypass-authentication-using-sql-injection>
4. Using Menus <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-menus>
5. Bypass Authentication Via Authentication Token Manipulation <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#bypass-authentication-via-authentication-token-manipulation>
6. Explanation Of HTTPonly Cookies In Presence Of Cross Site Scripting <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#explanation-of-httponly-cookies-in-presense-of-cross-site-scripting>
7. Closer Look At Cache Control And Pragma No Cache Headers <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#closer-look-at-cache-control-and-pragma-no-cache-headers>
8. Demonstration Of Frame Busting Javascript And X-Frame Options Header <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#demonstration-of-frame-busting-javascript-and-x-frame-options-header>
9. How To Install And Configure Burp Suite With Firefox <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-install-and-configure-burp-suite-with-firefox>
10. Basics Of Web Request And Response Interception Using Burp Suite <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-web-request-and-response-interception-using-burp-suite>
11. Brute Force Authentication Using Burp Intruder <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#brute-force-authentication-using-burp-intruder>
12. Automate SQL Injection Using SQLMap To Dump Credit Cards Table <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#automate-sql-injection-using-sqlmap-to-dump-credit-cards-table>
13. Command Injection To Dump Files Start Services Disable Firewall <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#command-injection-to-dump-files-start-services-disable-firewall>
14. How To Exploit Local File Inclusion Vulnerability Using Burp Suite <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-exploit-local-file-inclusion-vulnerability-using-burp-suite>
15. HTML Injection To Popup Fake Login Form And Capture Credentials <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#html-injection-to-popup-fake-login-form-and-capture-credentials>
16. Two Methods To Steal Session Tokens Using Cross Site Scripting <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#two-methods-to-steal-session-tokens-using-cross-site-scripting>
17. How To Bypass Maxlength Restrictions On HTML Input Fields <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-bypass-maxlength-restrictions-on-html-input-fields>
18. Two Methods To Bypass Javascript Validation <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#two-methods-to-bypass-javascript-validation>
19. Three Methods For Viewing Http Request And Response Headers <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#three-methods-for-viewing-http-request-and-response-headers>
20. Basics Of SQL Injection Timing Attacks <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-sql-injection-timing-attacks>
21. Basics Of SQL Injection Using Union <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-sql-injection-using-union>
22. Basics Of Inserting Data With SQL Injection <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-inserting-data-with-sql-injection>
23. Inject Root Web Shell Backdoor Via SQL Injection <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#inject-root-web-shell-backdoor-via-sql-injection>
24. Basics Of Using SQL Injection To Read Files From Operating System <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-using-sql-injection-to-read-files-from-operating-system>
25. How To Locate The Easter Egg File Using Command Injection <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-locate-the-easter-egg-file-using-command-injection>
26. Injecting Cross Site Script Into Stylesheet Context <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#injecting-cross-site-script-into-stylesheet-context>
27. Introduction To Http Parameter Pollution <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#introduction-to-http-parameter-pollution>
28. Basics Of Injecting Cross Site Script Into HTML Onclick Event <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-injecting-cross-site-script-into-HTML-onclick-event>
29. Basics Of Finding Reflected Cross Site Scripting <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-finding-reflected-cross-site-scripting>
30. Analyze Session Token Randomness Using Burp Suite Sequencer <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#analyze-session-token-randomness-using-burp-suite-sequencer>
31. Using Nmap To Fingerprint Http Servers And Web Applications <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-nmap-to-fingerprint-http-servers-and-web-applications>
32. Spidering Web Applications With Burp Suite <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#spidering-web-applications-with-burp-suite>
33. Basics Of Burp Suite Targets Tab And Scope Settings <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-burp-suite-targets-tab-and-scope-settings>
34. Brute Force Page Names Using Burp Intruder Sniper <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#brute-force-page-names-using-burp-intruder-sniper>
35. Using Burp Intruder Sniper To Fuzz Parameters <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-burp-intruder-sniper-to-fuzz-parameters>
36. Comparing Burp Intruder Modes Sniper Battering RAM Pitchfork Cluster Bomb <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#comparing-burp-intruder-modes-sniper-battering-ram-pitchfork-cluster-bomb>
37. Demo Usage Of Burp Suite Comparer Tool <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#demo-usage-of-burp-suite-comparer-tool>
38. Import Custom Nmap Scans Into Metasploit Community Edition <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#import-custom-nmap-scans-into-metasploit-community-edition>
39. Using Metasploit Community Edition To Locate Web Servers <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#using-metasploit-community-edition-to-locate-web-servers>
40. XSS DNS Lookup Page Bypassing Javascript Validation <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#xss-dns-lookup-page-bypassing-javascript-validation>
41. Use Burp Suite Sequencer To Compare Csrf Token Strengths <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#use-burp-suite-sequencer-to-compare-csrf-token-strengths>
42. How To Remove PHP Errors After Installing On Windows Xampp <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-remove-php-errors-after-installing-on-windows-xampp>
43. Quickstart Guide To Installing On Windows With Xampp <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#quickstart-guide-to-installing-on-windows-with-xampp>
44. Basics Of Running Nessus Scan On Backtrack 5 R1 <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-running-nessus-scan-on-backtrack-5-r1>
45. How To Import Nessus Scans Into Metasploit Community Edition <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-import-nessus-scans-into-metasploit-community-edition>
46. Basics Of Exploiting Vulnerabilities With Metasploit Community Edition <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#basics-of-exploiting-vulnerabilities-with-metasploit-community-edition>
47. Sending Persistent Cross Site Scripts Into Web Logs To Snag Web Admin <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#sending-persistent-cross-site-scripts-into-web-logs-to-snag-web-admin>
48. Quick Start Overview Of Useful Pen-Testing Addons For Firefox <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#quick-start-overview-of-useful-pen-testing-addons-for-firefox>
49. Three Methods For Viewing Javascript Include Files <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#three-methods-for-viewing-javascript-include-files>
50. Reading Hidden Values From HTML5 Dom Storage <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#reading-hidden-values-from-html5-dom-storage>
51. How To Execute Javascript On The Urlbar In Modern Browsers <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#how-to-execute-javascript-on-the-urlbar-in-modern-browsers>
52. Adding Values To Dom Storage Using Cross Site Scripting <http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae#adding-values-to-dom-storage-using-cross-site-scripting>

--
"The ability to quote is a serviceable substitute for wit." ~ W. Somerset Maugham
"The ability to Google can be a serviceable substitute for technical knowledge." ~ Adrian D. Crenshaw

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Current thread:
- Jeremy Druin's Web App Pen-testing Videos (@webpwnized) Adrian Crenshaw (Mar 16)
- Re: Jeremy Druin's Web App Pen-testing Videos (@webpwnized) Xander Solis (Mar 18)